Cisco, the networking giant has said that they are becoming victims of hackers using the leaked NSA tools from a while back.
The tools were released in August by ShadowBrokers and were confirmed to be the real deal by the Equation Group; which was found to have very long standing ties to the NSA. This is the second public vulnerability since the data dump Cisco suffered at the hands of unknown hackers. Cisco said that it has already fixed the flaw in its SNMP implementation in its ASA firewalls.
Cisco warned customers that all versions of its IOS, IOS XE and IOS SX are vulnerable to one of the many exploits released in August. Cisco didn’t reveal which of its customers have already been breached, but it’s likely that since the issue effects firewalls, routers and switches made by the firm, there are some that have been some.
“The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests,” Cisco said in a blog post.
While Cisco’s Incident Response Team is aware of the exploitation of vulnerabilities to customers running the faulty platforms, they haven’t developed a patch. They have released IPS signatures and Snort rules to moderate the risks to its customers.
The new exploit was named BENIGNCERTAIN and its made up of three binary codes. Each code can be exploited to obtain RSA private key data and VPN configurations details if exploited.
Chief evangelist with GRC Apps company MetricStream, French Caldwell, issued warning to other spy agencies.
“If the NSA was hacked, the chances that they too have been targeted are certainly more than 50-50,” he warned.
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
